How Attackers Choose Which Vulnerabilities to Exploit

It seems that not a day goes by without a headline announcing that a zero-day flaw has been found in operating system and application code. This increase in the discovery and exploitation of zero-day attacks is certainly a cause for concern, but most attackers rely on known and usually vendor-patched vulnerabilities to attack their victims. According to Solutionary’s 2012 Q4 Intelligence Report, at least half of the exploit kits that attempt to inject malware into Web surfers’ computers target vulnerabilities more than 2 years old, while some had been known vulnerabilities for as many as 10 years.

In this report, Dark Reading gets into the heads of hackers and explains why some vulnerabilities are exploited over and over again while others are largely ignored. We also offer some recommendations on how enterprise IT organizations can use this insight to help maximize their security resources and defenses. (S6700313)